StrongSwan 5.9.10 is now available, a free package for creating IPSec-based VPN connections used on Linux, Android, FreeBSD, and macOS. The new version fixes a dangerous vulnerability (CVE-2023-26463) that could be used to bypass authentication, but could also potentially lead to attacker code being executed on the server or client side. The problem manifests itself when checking specially designed certificates in EAP (Extensible Authentication Protocol) authentication methods based on TLS.
The vulnerability is caused by the TLS handler incorrectly accepting public keys from a peer's certificate, considering them to be trustworthy, even if the certificate cannot be successfully verified. In particular, when calling the tls_find_public_key() function, fetching based on the public key type is used to determine which certificates are trustworthy. The problem is that the variable used to determine the key type for the lookup operation is set anyway, even if the certificate is not trustworthy.
Moreover, through key manipulation, it is possible to reduce the reference counter (if the certificate is not trustworthy, the reference to the object is released after the key type is determined) and free up memory for the still used object with the key. The considered flaw does not exclude the creation of exploits for organizing information leakage from memory and executing your own code.
The attack on the server is carried out by sending a self-signed certificate by the client to authenticate the client using the EAP-TLS, EAP-TTLS, EAP-PEAP and EAP-TNC methods. An attack on the client can be made through the return of a specially designed certificate by the server. The vulnerability appears in the strongSwan 5.9.8 and 5.9.9 releases. The publication of package updates in distributions can be tracked on the pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Arch, FreeBSD, NetBSD.
Source: opennet.ru